X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-hello%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fhello%2FAPI_Hello.java;h=cdaa6a76a53e50a7d3cd717f5a6aa0b2cba16b46;hb=16c3995a89892b1dad4dab7df0f6200ac8b09f92;hp=2be162cc55c5af8be9ade7a8ecda0196e53f2d91;hpb=6261a19e61138e861f5c7eaf37835205f19f1fe0;p=aaf%2Fauthz.git diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java index 2be162cc..cdaa6a76 100644 --- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java +++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -21,6 +21,9 @@ package org.onap.aaf.auth.hello; +import java.io.BufferedReader; +import java.io.InputStreamReader; + import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -32,6 +35,8 @@ import org.onap.aaf.auth.rserv.HttpMethods; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; +import org.owasp.encoder.Encode; + /** * API Apis * @author Jonathan @@ -40,82 +45,146 @@ import org.onap.aaf.misc.env.TimeTaken; public class API_Hello { - // Hide Public Constructor - private API_Hello() {} - - /** - * Normal Init level APIs - * - * @param oauthHello - * @param facade - * @throws Exception - */ - public static void init(final AAF_Hello oauthHello) throws Exception { - //////// - // Simple "GET" API - /////// - - oauthHello.route(HttpMethods.GET,"/hello/:perm*",API.TOKEN,new HttpCode(oauthHello,"Hello OAuth"){ - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - resp.setStatus(200 /* OK */); - ServletOutputStream os = resp.getOutputStream(); - os.print("Hello AAF "); - String perm = pathParam(req, "perm"); - if(perm!=null && perm.length()>0) { - os.print('('); - os.print(req.getUserPrincipal().getName()); - TimeTaken tt = trans.start("Authorize perm", Env.REMOTE); - try { - if(req.isUserInRole(perm)) { - os.print(" has "); - } else { - os.print(" does not have "); - } - } finally { - tt.done(); - } - os.print("Permission: "); - os.print(perm); - os.print(')'); - } - os.println(); - - trans.info().printf("Said 'Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName()); - } - }); - - //////// - // REST APIs - /////// - oauthHello.route(oauthHello.env,HttpMethods.GET,"/resthello/:perm*",new HttpCode(oauthHello,"REST Hello OAuth") { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - resp.setStatus(200 /* OK */); - StringBuilder sb = new StringBuilder("{\"resp\": \"Hello REST AAF\",\"principal\": \""); - sb.append(req.getUserPrincipal().getName()); - sb.append('"'); - String perm = pathParam(req, "perm"); - if(perm!=null && perm.length()>0) { - TimeTaken tt = trans.start("Authorize perm", Env.REMOTE); - try { - sb.append(",\"validation\": { \"permission\" : \""); - sb.append(perm); - sb.append("\",\"has\" : \""); - sb.append(req.isUserInRole(perm)); - sb.append("\"}"); - } finally { - tt.done(); - } - } - sb.append("}"); - ServletOutputStream os = resp.getOutputStream(); - os.println(sb.toString()); - trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName()); - } - },"application/json"); - - - - } + private static final String APPLICATION_JSON = "application/json"; + protected static final byte[] NOT_JSON = "Data does not look like JSON".getBytes(); + + // Hide Public Constructor + private API_Hello() {} + + /** + * Normal Init level APIs + * + * @param oauthHello + * @param facade + * @throws Exception + */ + public static void init(final AAF_Hello oauthHello){ + //////// + // Simple "GET" API + /////// + + oauthHello.route(HttpMethods.GET,"/hello/:perm*",API.TOKEN,new HttpCode(oauthHello,"Hello OAuth"){ + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + resp.setStatus(200 /* OK */); + ServletOutputStream os = resp.getOutputStream(); + os.print("Hello AAF "); + String perm = pathParam(req, "perm"); + if (perm!=null && perm.length()>0) { + os.print('('); + os.print(Encode.forJava(req.getUserPrincipal().getName())); + TimeTaken tt = trans.start("Authorize perm", Env.REMOTE); + try { + if (req.isUserInRole(perm)) { + os.print(" has "); + } else { + os.print(" does not have "); + } + } finally { + tt.done(); + } + os.print("Permission: "); + os.print(Encode.forJava(perm)); + os.print(')'); + } + os.println(); + + trans.info().printf("Said 'Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName()); + } + }); + +//////////////// +// REST APIs +//////////////// + + //////////////// + // CREATE/POST + //////////////// + oauthHello.route(oauthHello.env,HttpMethods.POST,"/resthello/:id",new HttpCode(oauthHello,"REST Hello Create") { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + BufferedReader br = new BufferedReader(new InputStreamReader(req.getInputStream())); + StringBuilder sb = new StringBuilder(); + while (br.ready()) { + sb.append(br.readLine()); + } + String content = sb.toString(); + trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content); + if (content.startsWith("{") && content.endsWith("}")) { + resp.setStatus(201 /* OK */); + } else { + resp.getOutputStream().write(NOT_JSON); + resp.setStatus(406); + } + } + },APPLICATION_JSON); + + + //////////////// + // READ/GET + //////////////// + oauthHello.route(oauthHello.env,HttpMethods.GET,"/resthello/:id",new HttpCode(oauthHello,"REST Hello Read") { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + resp.setStatus(200 /* OK */); + StringBuilder sb = new StringBuilder("{\"resp\": \"Hello REST AAF\",\"principal\": \""); + sb.append(req.getUserPrincipal().getName()); + sb.append('"'); + String perm = pathParam(req, "perm"); + trans.info().printf("Read request from %s: %s\n", pathParam(req, ":id"),perm); + if (perm!=null && perm.length()>0) { + TimeTaken tt = trans.start("Authorize perm", Env.REMOTE); + try { + sb.append(",\"validation\": { \"permission\" : \""); + sb.append(perm); + sb.append("\",\"has\" : \""); + sb.append(req.isUserInRole(perm)); + sb.append("\"}"); + } finally { + tt.done(); + } + } + sb.append("}"); + ServletOutputStream os = resp.getOutputStream(); + os.println(Encode.forJava(sb.toString())); + trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName()); + } + },APPLICATION_JSON); + + //////////////// + // UPDATE/PUT + //////////////// + oauthHello.route(oauthHello.env,HttpMethods.PUT,"/resthello/:id",new HttpCode(oauthHello,"REST Hello Update") { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + BufferedReader br = new BufferedReader(new InputStreamReader(req.getInputStream())); + StringBuilder sb = new StringBuilder(); + while (br.ready()) { + sb.append(br.readLine()); + } + String content = sb.toString(); + trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content); + if (content.startsWith("{") && content.endsWith("}")) { + resp.setStatus(200 /* OK */); + resp.getOutputStream().print(Encode.forJava(content)); + } else { + resp.getOutputStream().write(NOT_JSON); + resp.setStatus(406); + } + } + },APPLICATION_JSON); + + + //////////////// + // DELETE + //////////////// + oauthHello.route(oauthHello.env,HttpMethods.DELETE,"/resthello/:id",new HttpCode(oauthHello,"REST Hello Delete") { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + trans.info().printf("Delete requested on %s\n", pathParam(req, ":id")); + resp.setStatus(200 /* OK */); + } + },APPLICATION_JSON); + + } }